[CERT-daily] Daily summary - 23.03.2020

Daily end-of-shift report team at cert.at
Mon Mar 23 18:18:43 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 20-03-2020 18:00 − Monday 23-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware ∗∗∗
---------------------------------------------
PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/


∗∗∗ Netwalker Ransomware Infecting Users via Coronavirus Phishing ∗∗∗
---------------------------------------------
As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-infecting-users-via-coronavirus-phishing/


∗∗∗ Latest Astaroth living-off-the-land attacks are even more invisible but not less observable ∗∗∗
---------------------------------------------
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/


∗∗∗ Zero-Day Vulnerabilities in LILIN DVRs Exploited by Several Botnets ∗∗∗
---------------------------------------------
Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets.
---------------------------------------------
https://www.securityweek.com/zero-day-vulnerabilities-lilin-dvrs-exploited-several-botnets


∗∗∗ Caution when shopping at mimty.de and evenlife.de ∗∗∗
---------------------------------------------
Countless internet users are currently reporting the online shops mimty.de and evenlife.de to Watchlist Internet. The websites have exactly the same structure and offer respirator masks, disinfectant sprays and similar items. Shopiago GmbH, the company behind the shops, states a registered office in Germany, but shipping is heavily delayed and comes from far abroad, or fails to arrive for an extended period. Watchlist Internet advises caution!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-bei-einkaeufen-auf-mimtyde-und-evenlifede/


∗∗∗ How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls ∗∗∗
---------------------------------------------
The coronavirus outbreak has seen an unprecedented number of people working and learning from home, and one of the tools that is making that possible is Zoom. But if you don't take care, you could find your meetings being gate-crashed or Zoom-bombed, potentially causing havoc and mayhem.
---------------------------------------------
https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Insulet Omnipod ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper access control vulnerability in Insulet's Omnipod insulin management system.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-20-079-01


∗∗∗ Systech NDS-5000 Terminal Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for a cross-site scripting vulnerability in Systech's NDS-5000 network server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-079-01


∗∗∗ FIBARO System Home Center v5.021 Remote File Include XSS ∗∗∗
---------------------------------------------
The smart home solution is vulnerable to a remote Cross-Site Scripting triggered via a Remote File Inclusion issue by including arbitrary client-side dynamic scripts (JavaScript, VBScript) due to the undocumented proxy API and its url GET parameter. This allows hijacking the current session of the user or changing the look of the page by changing the HTML.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.php


∗∗∗ PMASA-2020-4 ∗∗∗
---------------------------------------------
SQL injection relating to data display. Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. We believe the flaw was introduced with phpMyAdmin 3.4. CVE ID: CVE-2020-10803
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2020-4/


∗∗∗ PMASA-2020-3 ∗∗∗
---------------------------------------------
SQL injection relating to searching. Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. CVE ID: CVE-2020-10802
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2020-3/


∗∗∗ PMASA-2020-2 ∗∗∗
---------------------------------------------
SQL injection with processing username. Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. CVE ID: CVE-2020-10804
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2020-2/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (amd64-microcode, chromium, graphicsmagick, jackson-databind, phpmyadmin, python-bleach, and tor), Gentoo (exim and nodejs), openSUSE (chromium and thunderbird), Oracle (tomcat), Red Hat (devtoolset-8-gcc, libvncserver, runc, samba, thunderbird, and tomcat6), and SUSE (ruby2.5).
---------------------------------------------
https://lwn.net/Articles/815798/


∗∗∗ Red Hat Enterprise Linux: Vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0250


∗∗∗ Security Bulletin: Jan 2020 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jan-2020-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/


∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI (CVE-2019-4717) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-cross-site-scripting-this-vulnerability-allows-users-to-embed-arbitrary-javascript-code-in-the-web-ui-cve-2019-4717/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-2/


∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/


∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-open-redirection-vulnerabilities-arise-when-an-application-incorporates-user-controllable-data-into-the-target-of-a-redirection-in/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-2/


∗∗∗ Security Bulletin: Few vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-few-vulnerabilities-affecting-ibm-cloud-object-storage-systems-march-2020v1/


∗∗∗ Security Bulletin: Vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affecting-ibm-cloud-object-storage-systems-march-2020v2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



